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(57) Abstract 

The present invention is a method and 
system universally applicable to minimize 
unauthorized use of intellectual property 
products distributed to mass market. Iden- 
tification codes (ID) are assigned to indi- 
vidual intellectual property product and the 
means of using such product (User Means). 
Process to minimise unauthorized use of 
such product includes: firstly, means of 
selling or distributing such product (Dealer 
Means) to generate check code from ID of 
such product stored in said Dealer Means 
and user supplied ID of User Means. Sec- 
ondly, Dealer Means supplies such check 
code to such product placed in said User 
Means to execute check code authentication 
by verifying such check code with the code 
generated from ID of such product and ID 
of said User Means before allowing use of 
such product on said User Means to pro- 
ceed. Alternatively, such check code is. 
generated by User Means from ID of said 
User Means and ID of such product sup- 
plied by individual portable tamper-proof 
data storage device e.g. plastic card embed- 
ded with magnetic storage strip or integrated 
circuit, such data storage device being dis- 
tributed together with such product to said 
User Means. Objectives of the present in- 
vention are achieved by embedding -essential data and modalities required to execute such check code generation and check code authenti- 
cation processes into at least one tamper-proof data storage device. 
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A METHOD AND SYSTEM FOR PROTECTING INTELLECTUAL 
PROPERTY PRODUCTS DISTRIBUTED IN MASS MARKET 



5 FIELD OF THE INVENTION 

The present invention relates to an authentication process executable during 
the process of installing or using intellectual property products to prevent 
unauthorised use and distribution of such products which are recorded on 

10 portable means like magnetic or optical or integrated circuit media for 
distribution to mass market or transmitting such products through mass 
distribution channel means to users. In particular, the present invention 
relates to a process of customising intellectual property products with 
individual authorised user, and to individual predetermined means of using 

15 or receiving such products or to both the user and the means at the point of 
selling or distributing such products or installing such products onto said 
means. 



20 BACKGROUND OF THE INVENTION 

Intellectual property products for mass market are .generally recorded on 
portable storage media for distribution to users in the form of computer 
software stored in diskette or optical disc or even integrated circuit board, 
25 audio and video signal recorded in cassette or optical disk etc. Some of such 
products are also distributed through mass distribution channel means to the 
users e.g. software distributed through Internet, audio and video products 
broadcasted to receivers etc. 
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Protection schemes to deter piracy or unauthorised use of such products 
usually cause users inconvenience and may discourage otherwise legitimate 
purchasers. As a result, owners and producers of intellectual property 
products either risk piracy by foregoing any form of copy protection or rely on 
5 low price business strategy, fast product obsolescence and legal cost 
remedies approach. 

Prior art method of protecting intellectual property products from piracy or 
unauthorised use include software approach or combination of software 
1 0 approach with hardware solution. The software approach ranges from using 
password to adopting proprietary encryption and decryption techniques. 
Available are other techniques such as restrictive duplication procedures and 
public-key encryption. 

15 Techniques of combining software approach with hardware solution are well 
illustrated by U.S. Patent No.4 ,453,074 issued to Weinstein which teaches 
the use of an encrypted password referenced to the personal characteristics 
of a "smart-card 11 possessor. The password is encrypted with a non-secret 
reference text and stored on the smart-card. When the smart-card possessor 
20 presents the smart-card and enters the password on a terminal for accessing 
a system, the terminal decrypts the embedded password to match with the 
entered password for allowing the card possessor to gain access to the 
system while the non-secret reference text is available to the system for 
identifying the smart-card possessor. Another prior art disclosed by U.S. 
25 Patent No.5,343,524 uses a hardware security device within a 
microprocessor for interacting with a host computer such that protected 
software may not be operated unless the security device is in place. 
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European published patent application No.0302710 issued to Karp discloses 
a technique for authorizing use of diskette software contents on authorized 
computer by providing a unique identification (ID) placed with a computer 
which the software on a diskette is to be used. This ID is accessible to the 
5 user of the computer. The software vendor provides a source ID on the 
diskette. The computer ID is used with the source ID to produce an encoded 
check word, using any available encryption. The check word is then placed 
onto the distributed diskettes together with the said software. At the time of 
utilising the software, a verification process is executed by using computer ID 

10 and source ID and check word to verify that the software is being used on the 
same computer on which the diskette was produced. This method requires 
vendor to store check word together with the software in the distributed 
diskette making it impractical for mass market because the vendors of 
products at the time of placing said products on diskettes do "not know details 

15 of user and his computer. 

In general, prior art methods of preventing unauthorised access to computer 
software distributed to predetermined users do not address unauthorized 
access after such software are recorded on portable media or after such 

20 software are installed onto means of using such software. Moreover, others 
suggest adding hardware devices to computer system to protect computer 
software; this approach is not suitable for mass market as these devices are 
dedicated to individual intellectual property product and are vulnerable to 
duplication and end users are required to be skilled in the art to some extent. 

25 None of the prior art solves the problem of controlling use of intellectual 
property products stored on portable media and distributed in mass market as 
owners and producers of such products do not know the users and means of 
using such products before and after creating such products on portable 
media for distribution in mass market. 
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OBJECTIVE OF THE INVENTION 

The present invention has an objective of providing a method and system 
universally applicable to minimise unauthorized use of intellectual property 
5 products. 

The present invention has another objective of providing a method and 
system universally applicable to minimise unauthorized use of intellectual 
property products stored on magnetic media, optical disc or other forms of 
1 0 data storage means. 

The present invention has yet another objective of providing a method and 
system universally applicable to minimise unauthorized use or receipt of 
intellectual property products transmitted through mass distribution channel 
1 5 means like cable or wireless transmission channel. 

SUMMARY OF THE INVENTION 

20 The present invention is a method and system universally applicable to 
minimise unauthorized use of intellectual property products distributed to 
mass market. Identification codes (ID) are assigned to individual intellectual 
property product and the means of using such product (User Means). Process 
to minimise unauthorized use of such product includes: firstly, means of 

25 selling or distributing such product (Dealer Means) to generate check code 
from ID of such product stored in said Dealer Means and user supplied ID of 
User Means. Secondly, Dealer Means supplies such check code to such 
product placed in said User Means to execute check code authentication by 
verifying such check code with the code generated from ID of such product 
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and ID of said User Means before allowing use of such product on said User 
Means to proceed. Alternatively, such check code is generated by User 
Means from ID of said User Means and ID of such product supplied by 
individual portable tamper-proof data storage device e.g. plastic card 
5 embedded with magnetic storage strip or integrated circuit, such data storage 
device being distributed together with such product to said User Means. 

Objectives of the present invention are achieved by embedding essential 
data and modalities required to execute such check code generation and 
10 check code authentication processes into at least one tamper-proof data 
storage device. 

BRIEF DESCRIPTION OF THE DRAWING 

15 

FIGURE 1 illustrates data communication between Dealer Means and User 
Means for verification of user identity in executing electronic commerce 
through mass distribution channel means. 

20 FIGURE 1A illustrates the details of User Means generating transaction code 
for executing electronic commerce through mass distribution channel means. 

FIGURE 1B illustrates the details of Dealer Means authenticating transaction 
code for executing electronic commerce through mass distribution channel 
25 means. 

FIGURE 2 illustrates the operation of Dealer Means generating LicenCODE 
to make individual intellectual property product dedicated to individual User 
Means of using such product and such User Means executing LicenCODE 
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authentication to install such product for subsequent use on said User 
Means. 

FIGURE 2A illustrates the interaction between Dealer Means and two User 
5 Means for changing User Means of using intellectual property product. 

FIGURE 3 illustrates User Means in operation of making the fixed tamper- 
proof data storage device UMIDmeans and the portable tamper-proof data 
storage device UMIDcard uniquely dedicated to each other as a Match-pair. 

10 

FIGURE 3A illustrates the operation of confirming Match-pair condition or 
unique dedication relationship between fixed tamper-proof data storage 
device UMIDmeans and portable tamper-proof data storage device 
UMIDcard in order to enable subsequent installation and application 
15 operations of intellectual property products. 

FIGURE 4 illustrates the operation of preparing intellectual property product 
for limited use on User Means after receiving such product through mass 
distribution channel means, wherein creation of usage control counter for 
20 such product in the portable tamper-proof data storage device UMIDcard 
being described. 

FIGURE 4A illustrates the process of controlled usage of installed product on 
user means where usage control counter having various values in portable 
25 tamper-proof data storage device UMIDcard achieves the desired usage 
control of intellectual property product on User Means. 

FIGURE 5 illustrates subsequent to operation in FIGURE 4 the operation of 
preparing intellectual property product for unlimited use by having Product 
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tamper-proof data storage device ProdCard to create unlimited use value for 
usage control counter of such product in portable tamper-proof data storage 
device UMIDcard. 

5 FIGURE 6 illustrates User Means in operation of disabling use of intellectual 
property product on the existing User Means in order to enable subsequent 
installation of such product onto other User Means. 

FIGURE 6A illustrates subsequent to operation in FIGURE 6 the operation of 
1 0 installing product onto any User Means. 

FIGURE 7 illustrates User Means in operation of creating new fixed tamper- 
proof data storage device UMIDmeans by duplicating necessary data from 
the existing portable tamper-proof data storage device UMIDcard to form a 
1 5 new Match-pair for the User Means. 

FIGURE 7A illustrates User Means in operation of creating new portable 
tamper-proof data storage device UMIDcard by duplicating necessary data 
from the existing fixed tamper-proof data storage device UMIDmeans to form 
20 a new Match-pair for the User Means. 

FIGURE 7B illustrates User Means in operation of using Product tamper- 
proof data storage device ProdCard of intellectual property product to enable 
use of such product on the User Means after creating new fixed tamper-proof 
25 data storage device UMIDmeans for such User Means. 

FIGURE 7C illustrates User Means in operation of re-enabling limited use of 
intelligent property product by restoring original value at ProdCPd-limtted in 
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usage control counter for such product in portable tamper-proof data storage 
device UMIDcard. 

FIGURE 8 illustrates data manipulation operation between User Means and 
5 Dealer Means of executing pay-per-use transaction through mass distribution 
channel means for intelligent property product. 

FIGURE 8A illustrates the operation of creating usage control counter in 
portable tamper-proof data storage device UMIDcard to enable limited use of 
1 0 intelligent property product under pay-per-use condition. 

FIGURE 9 illustrates the operation of creating usage control counter in 
portable tamper-proof data storage device UMIDcard to enable limited use of 
intelligent property product under free product evaluation condition. 

15 

FIGURE 10 illustrates Dealer Means in operation of generating LicenCODE 
for intelligent property product e.g. hardware, audio product and video 
product etc. in portable tamper-proof data storage device UMIDcard and User 
Means in operation of executing LicenCODE authentication to enable use of 
20 such product. 

FIGURE 11 illustrates the Dealer Means in operation of generating 
LicenCODE for broadcasted intelligent property product in portable tamper- 
proof data storage device UMIDcard and User Means in operation of 
25 executing LicenCODE authentication to enable receipt of such product 
broadcasted through mass distribution channel means. 
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FIGURE 12 illustrates the embodiment of applying the present invention to 
control access to intelligent property product stored in Central Means wherein 
data manipulation in User Means and Central Means being described. 

5 FIGURE 12A illustrates User Means in operation of generating transaction 
code to request access right from Central Means for accessing intelligent 
property product stored in such Central Means. 

FIGURE 12B illustrates Central Means in operation of authenticating 
10 transaction code for granting User Means the access right. 

DETAILED DESCRIPTION OF THE INVENTION 

15 The present invention describes a method and system universally applicable 
to minimise unauthorized use of intellectual property products (hereinafter 
called "Product 0 ) presented as tangible hardware or intangible signals or 
intangible signals recorded on any data or signal storage means like 
magnetic storage means, optical storage means, integrated circuit storage 

20 means or the like (hereinafter collectively called "Medium") for distribution 
through mass distribution channel means to users in mass market. Such 
mass distribution channel means comprises a combination of at least the 
telecommunication networks, internet, commercial sales outlets, wireless 
broadcasting networks for audio and video signal, transportation means, 

25 hand delivery or the like (hereinafter collectively called "ChanneP). Usually, 
though not necessarily, said signals take the form of electrical, optical, 
magnetic or electromagnetic data capable of being stored, transferred, 
transformed, duplicated, combined, split, and otherwise manipulated. 
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Notation and Nomenclature 

The detailed description with respect to controlling use of Product is 
presented partially in terms of algorithm and symbolic representation upon 
5 data operation and manipulation steps involved. These algorithmic 
description and representation are the means used by those skilled in the art 
of data processing to convey most effectively the substance of their work to 
others skilled in the art. 

10 An algorithm is here, and generally, conceived to be a self-consistent 
sequence of steps leading to a desired result. These steps are those require 
physical manipulation of physical quantities. Usually, though not necessarily, 
these quantities take the form of electrical, optical or magnetic signals 
capable of being stored, transferred, transformed, combined, split, and 
15 otherwise manipulated. In this case, the physical quantities are voltage 
signals which correspond to the information being distributed and processed. 
It proves convenient at times, principally for reason of common usage, to refer 
to these voltage signals as bits, bytes, numbers, values, elements, symbols, 
characters, terms, images or the like. It should be borne in mind, however, all 
20 of these and similar terms are to be associated with the appropriate physical 
quantities and are merely convenient labels applied to these quantities. 

Furthermore, the manipulations performed are often referred to in terms of 
such as adding or verifying or comparing, which are commonly associated 
25 with the mental operations performed by a human operator. No such capacity 
of a human operator is necessary, or desirable. In most cases, in any of the 
operations described herein which form part of the present invention, the 
operations are machine operations. Useful machines for performing the 
operations of the present invention include general purpose digital 
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computers or similar devices such as digital signal processors. In all cases, it 
should be borne in mind that there is a distinction between the method 
operation in operating a computer or other apparatus and the method of 
computation itself. The present invention relates to method steps for 
5 preventing unauthorized use of distributed information via storing and 
manipulation of data within the tamper-proof data storage device, and device 
being obvious to the one skilled in the art to include software approach like 
encrypting data and storing such data in hardisk in an unusual way to 
minimising user access to such data or combination of software approach 
10 with hardware solution like manipulating data and storing data within 
specialised microprocessor which is locked with security key only known to 
certain known means or people. 

The present invention also relates to an apparatus for performing these 
15 operations. This apparatus may be specially constructed for the required 
purpose or it may comprise a general purpose computer as selectively 
activated or reconfigured by a computer program stored in the computer. The 
algorithms presented herein are not inherently related to any particular 
computer or other apparatus. In particular, various general purpose machines 
20 may be used with programs written in accordance with the teachings herein, 
or it may prove more convenient to construct specialized apparatus such as 
digital signal processor or electronic circuitry to perform the required method 
steps. The required structure for a variety of these machines would appear 
from the description given below. 

25 

In order to better describe the present invention, some terms and symbols are 
defined as follows: 
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individual portable tamper-proof data storage device is assigned to 
individual Product as "ProdCard", assigned to individual user as 
"UserCard" and assigned to individual User Means as "UMIDcard"; 

such device stores essential data and modalities for giving user 
5 predetermined access and control window to retrieve or manipulate 

the data stored in such device and to isolate user from tampering 

operations of User Means in controlling use of Product such as 

monitoring, enabling and disabling usage etc.; 

10 individual fixed tamper-proof data storage device "UMIDmeans" is 

fixed onto each User Means to store data and modalities as well as to 
interface ProdCard, UserCard and UMIDcard with such User Means; 

a plurality of users individually identified by unique user identification 
15 code "UserlD" and further identified by unique transaction account 

code "AccountCODE" and optional one or more subsidiary codes 
"SubCODE"; such codes are stored in Dealer Means, Central Means 
and respective UserCard for users to execute electronic commerce 
with said Dealer Means or for users to request access right to retrieve 
20 data stored in said Central Means; 



a plurality of identification codes CNCODE are individually 
assigned to represent various considerations, one of which is 
CityCODE which individually represents each geographical 
25 area and group of users; 



a plurality of UMIDmeans and UMIDcard are jointly coupled with 
individual User Means to create unique pair of UMIDmeans and 
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UMIDcard called "Match-pair" for such User Means through generating 
and storing an unique identification code "UMID W ; 

a plurality of UMIDcard are individually identified by respective 
5 identification code "CardTP"; 

a plurality of UMIDmeans are individually identified by respective 
identification code "MeansTP"; 

10 a plurality of Products are individually identified by unique product type 

identification code "ProdTP", such ProdTP is stored in Dealer Means 
for executing electronic commerce and is also stored in individual 
ProdCard for dissemination to user in mass market; 

15 a plurality of unique codes "ProdUMID" are the transformed UMID for 

each Product derived by individual UMIDmeans or UMIDcard from a 
combination of at least such UMID and ProdTP of individual Product; 

a plurality of Product usage counters "ProdCPd" storing quantity of use 
20 of individual Product for controlling use of such Product on User 

Means are individually applicable to respective Product wherein said 
quantity of use usually, though not necessarily, is presented in any 
combination of the following forms: frequency of use, time duration, 
calendar date, volume of data processed or the like; 



25 



ProdCPd of a Product having value at "ProdCPd-limited" allows use of 
such Product subject to predetermined quantity of use; 
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ProdCPd of a Product having value at "ProdCPd-endless" allows 
unlimited quantity of use of such Product; 

ProdCPd of a Product having value at *ProdCPd-ended" disables use 
of such Product; 



a plurality of User Means are individually identified by identification 
code IDCODE comprises a combination of at least the identification 
codes embedded in any part of such User Means, UMID and 
10 CNCODE; 



a plurality of Product check code "LicenCODE" are individually derived 
for individual Product from a combination of at least ProdTP of such 
Product and IDCODE of individual predetermined User Means 
15 according to predetermined modalities, so that such LicenCODE is 

uniquely related to such ProdTP and IDCODE i.e. LicenCODE is a 
function of ProdTP and IDCODE; 

individual User Means comprises means to use Product, Match-pair, 
20 and other means and devices coupled with or fixed onto or connected 

to said means to use Product; 



The above terms and symbols should be viewed as the means adopted in the 
description to conveniently present the details of the present invention to 
25 anyone skilled in the art. It should not be viewed as setting limit or scope to 
the application and claims of the present invention. 

In the following description, numerous specific details are set forth such as 
types of codes used in encryption process and data manipulation steps, etc. 
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in order to provide a thorough understanding of the present invention. It will 
be obvious to one skilled in the art that the present invention may be 
practised without adopting the same details. In other instances, well-known 
steps such as those involved with encryption and decryption of data are not 
5 shown in order not to obscure and restrict implementation of the present 
invention. 

Furthermore, it should be obvious to one skilled in the art that all processes 
and operations described in the following embodiments can be executed in 
10 various general purpose machines. However, in order to isolate user from 
intervention for achieving the desired objectives, the present invention 
preferably requires such processes to be executed by any combination of 
UserCard, ProdCard, UMIDmeans and UMIDcard. 



15 

DETAILED DESCRIPTION OF METHOD 



The present invention expressed as a method universally applicable to 
minimise unauthorized use of Product requires IDCODE of User Means and 

20 ProdTP of Product for executing LicenCODE Generation and LicenCODE 
Authentication in customising individual Product with predetermined User 
Means, and optionally for predetermined considerations like user identity and 
geographical area etc. by including CNCODE in said LicenCODE 
Generation and LicenCODE Authentication, as the way to minimise 

25 unauthorized use of such Product. Central to this invention are the pairing of 
at least two tamper-proof data storage devices to form Match-pair as part of 
User Means; and establishing the unique relationship between Product and 
User Means by generating a LicenCODE for such Product. Thereafter, User 
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Means requires to generate a check code to authenticate such LicenCODE in 
order to use the Product. 

LicenCODE Generation is executed by Dealer Means at the stage of 
5 distributing Product to User Means for customising such Product with such 
User Means, or by User Means at Product Installation stage to enable 
execution of Product Application on such User Means. LicenCODE 
Authentication is executed by User Means at Product Installation stage to 
enable execution of Product Application on such User Means for Product 
10 distributed by Dealer/Means, or at Product Application stage to enable 
activation of the use of such Product on such User Means. 

Product Installation refers to the process of creating in, storing into or 
transferring to User Means the data required to execute Product Application 
15 and to disable execution of subsequent Product Installation of such Product 
on such User Means under certain conditions or on other User Means. Said 
data comprises, but not limited to, LicenCODE of Product required by 
execution of LicenCODE Authentication, values stored in ProdCPd of Product 
required by execution of Product Application to control use of such Product 

20 on User Means, and flag or data stored in ProdCard of such Product to 
disable execution of LicenCODE Generation by other User Means. It should 
be understood by one skilled in the art that values stored in ProdCPD include 
parameters, numbers, symbols or the like being individually assigned to 
invoke respective processes to control use of Product, e.g., disabling use of 

25 Product, and allowing indefinite use of Product, and allowing use of Product 
subject to prefixed quantity of use. Such values of ProdCPd are transferable, 
changeable, duplicable and restorable under predetermined conditions at 
the stages of Product Installation and Product Application. Product having 
successfully completed execution of such Product Installation process on 
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User Means is hereinafter called "Installed Product', and such User Means 
hereinafter is called User Means of Installed Product 1 . 

Product Application refers to controlling use of Product on User Means 
5 through execution of predetermined combination of the following processes: 
LicenCODE Authentication, verification and modification of values of 
ProdCPd of Product, and confirmation of matching CNCODE in Product with 
CNCODE in User Means. Controlling use of Product refers to enabling, 
monitoring, recording, disabling use of Product on User Means or the like. 

10 LicenCODE Authentication refers to matching LicenCODE of such Product to 
check code generated by User Means or such Product from IDCODE of user 
Means and ProdTP of such Product. Verification of values of ProdCPd refers 
to User Means comparing each value of ProdCPd of Product with a prefixed 
value for invoking respective processes to control use of such Product on 

15 User Means. Modification of values of ProdCPd of Product refers to User 
Means changing such values of ProdCPd of Product in conjunction with the 
proceeding of use of such Product on User Means. 

The present invention controls use of Product on any User Means through 
20 verification of proper values of ProdCPd of such Product stored in portable 
and detachable tamper-proof data storage device, thus making such Product 
dedicated to the user owning such portable data storage device. The present 
invention also allows use of Product to be restricted to User Means of 
Installed Product through matching of IDCODE stored in such portable 
25 tamper-proof data storage device with IDCODE stored in such User Means or 
through execution of LicenCODE Authentication on such User Means. 
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ProdTP, IDCODE and ProdCPd are respectively supplied in the complete 
form by any one of, or in few parts by a combination of, at least the Dealer 
Means, User Means, ProdCard, UserCard, Product, Medium and Channel. 

5 Dealer Means executing LicenCODE Generation to generate LicenCODE for 
a Product requires ProdTP of such Product and optional CNCODE for such 
Product stored in such Dealer Means and IDCODE supplied by User Means 
through mass distribution channel means or manually delivered to such 
Dealer Means in a portable data storage device. The generated LicenCODE 
10 is subsequently sent by Dealer Means to User Means through mass 
distribution channel means or manually delivered to User Means in a 
portable data storage device. Prior to executing Product Installation, such 
User Means executes a combination of at least the processes of 
authenticating Match-pair condition and LicenCODE Authentication which 
1 5 comprises matching said LicenCODE with the check code generated by such 
User Means from IDCODE of such user Means and ProdTP of such Product. 
The present invention requires said LicenCODE generated by Dealer Means 
to be separated from Medium of Product for producing homogeneous Product 
to distribute to mass market. 

20 

User Means executing Product Installation without having Dealer Means to 
generate and supply LicenCODE is defined to execute a combination of at 
least the processes of authenticating Match-pair condition and generating 
LicenCODE of such Product from IDCODE of such User Means and ProdTP 
25 of such Product. ProdTP is supplied by ProdCard, or Medium of such Product, 
or Dealer Means through mass distribution channel means, or Dealer Means 
through a portable data storage device manually delivered to such User 
Means. After generating said LicenCODE, such User Means proceeds to 
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execute Product Installation as explained above without executing 
LicenCODE Authentication. 

The present invention requires data and processes relevant or dedicated to 
5 User Means for controlling use of Product being partially or completely stored 
and executed within a combination of at least the Dealer Means, Product, and 
one or more tamper-proof data storage device. It is to prevent any 
unauthorised means and people from tampering with said data and 
processes. 

10 

The present invention customises a tamper-proof data storage device with 
individual User Means by storing in such device the IDCODE of such User. 
Further customisation is realised by adjusting the subset of IDCODE. 

15 Most of tamper-proof data storage devices are required to be easily 
detachable from User Means and portable for easy distribution to mass 
market, whereas the stored data are essential to Product Installation and 
Product Application; it is therefore necessary to make provision for 
replacement of faulty or lost of such devices. The present invention requires 

20 the data and processes uniquely or exclusively related to individual User 
Means being stored in at least two such devices, so that replacement of one 
such device is executed By duplicating such data from another such device. 
However, such data duplication process also allows others to duplicate many 
such devices such that unauthorized use of Product on other User Means is 

25 possible. To overcome this problem, the present invention requires to disable 
duplication of ProdCPd at value of ProdCPd-endless for unlimited quantity of 
use of Product, to change part or whole of IDCODE of such User Means and 
such device for such User Means in each execution of such replacement 
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process; and further requires a Match-pair to execute Product Installation and 
optionally Product Application. 

The present invention refers said Match-pair to as at least one fixed tamper- 
5 proof data storage device called "UMIDmeans" permanently fixed onto each 
User Means e.g. a smart-card driver, and at least one portable tamper-proof 
data storage device called "UMIDcard" to be coupled with said UMIDmeans 
e.g. a smart-card. Both UMIDmeans and UMIDcard store the data and 
modalities necessary for execution of Product Application of Installed 
10 Products. As such, one may place said UMIDcard onto any UMIDmeans to 
use said Installed Products on any User Means if execution of Product 
Application of such Products requires no Match-pair condition between said 
UMIDcard and said any UMIDmeans. For each Match-pair, an unique 
identification code "UMID" is generated and stored together with optional 
15 CNCODE assigned for various considerations in both UMIDmeans and 
UMIDcard. An unique MatchCODE is derived from said UMID and optional 
CNCODE and stored in said UMIDmeans and UMIDcard. The present 
invention refers Match-pair condition to as successful execution of two tests, 
where the first test is to verify UMID and CNCODE stored in UMIDmeans with 
20 UMID and CNCODE stored in UMIDcard; and the second test is to execute 
MatchCODE Authentication which requires generation of a check code from 
said UMID and CNCODE for authenticating MatchCODE stored in said 
Match-pair. 

25 DESCRIPTION OF FIRST EMBODIMENT OF THE PRESENT INVENTION 

The first embodiment of the present invention describes the process of Dealer 
Means controlling use of Product distributed through mass distribution 
channel means. 
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1 . Verification of User Identity for Electronic Commerce Transaction 

In detail now and referring to FIGURE 1 it shows data Involved in 
5 communication between Dealer Means 20 and User Means 30 for verifying 
user identity in order to execute electronic commerce over mass distribution 
channels 23 and 32. Upon receiving request (not shown) of executing 
electronic commerce from User Means 30, a RandomNUM Generator 24 in 
Dealer Means 20 generates a random number RandomNUM 2313 and 

10 transmits via communication means ComMns 22 of Dealer Means through 
mass distribution channel 23 to User Means 30 and receives via 
communication means ComMns 33. In response, User Means 30 generates 
and sends TransactCODE 3204 and order data 3207 to Dealer Means 20 via 
ComMns 33 through mass distribution channel 32 to Dealer Means 20 via 

15 ComMns 22, where TransactCODE 3204 is generated by a TransactCODE 
Generator 34 (to be explained in FIGURE 1A later) and order data 3207 is 
the encrypted details of the ordered Product. 

FIGURE 1A shows the details of encryption process of a TransactCODE 
20 Generator 34 executed by User Means 30. The received RandomNUM 2313 
is verified by CHK VALIDITY 341 to confirm validity in accordance to 
predetermined rules, CODE ENCRYPT 342 then uses the verified 
RandomNUM 2313 to encrypt user's account codes AccountCODE 3002 and 
subsidiary codes SubCODE 3003, followed by MERGE ENCRYPT 343 to 
25 merge the result with the verified RandomNUM 2313 into TransactCODE 
3204. CODE ENCRYPT 342 also uses RandomNUM 2313 to encrypt details 
of the ordered Product like ProdTP 3005 and other data 3006 of the ordered 
Product to generate order data 3207. Finally both TransactCODE 3204 and 
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order data 3207 are sent to Dealer Means 20 as mentioned in FIGURE 1 
above. 



FIGURE 1B shows details of decryption process executed by Dealer Means 
5 20 to verify user identity. The received TransactCODE 3204 passes through 
SPLITCODE 251 to filter out RandomNUM 2313 which is then verified by 
CHK VALIDITY 252 to confirm whether it is the same random number sent 
previously to User Means 30. COMPARE CODE 254 compares the stored 
AccountCODE 2002 and SubCODE 2003 with the result of CODE DECRYPT 

1 0 253 generated by decryption of the remaining part of TransactCODE 3204 
using the verified RandomNUM 2313. Path 256 to approve electronic 
commerce request is activated upon confirmation of user identity through 
same AccountCODE and SubCODE being detected by COMPARE CODE 
254; otherwise, path 257 to reject such electronic commerce request is 

15 activated. 

2. Dealer Means Distribute Product and Control Use of Product via Mass 
Distribution Channel Means 

20 FIGURE 2 explains the data manipulation processes within Dealer Means 20 
and User Means 30 together with data transmission between Dealer Means 
20 and User Means 30 for minimizing unauthorised use of Product distributed 
by Dealer Means 20 through mass distribution channel means 23. In 
response to approval notice (not shown) for electronic commerce request 

25 received from Dealer Means 20, User Means 30 transmits stored 
identification codes IDCODE 3008 from ComMns 33 through mass 
distribution channel 32 via ComMns 22 to Dealer Means 20 as IDCODE 
3208. IDCODE 3008 or IDCODE 3208 are the identification codes of the 
User Means predetermined to use the ordered Product (in this embodiment 
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User Means 30 is assumed to be such User Means). A LicenCODE 
Generation 26 in Dealer Means 20 encrypts such IDCODE 3208 and ProdTP 
2005 stored in Dealer Means 20 to generate an unique LicenCODE 2315. 
Dealer Means 20 sends LicenCODE 2315 and ProdTP 2305 of the ordered 
5 Product together with the ordered Product (optional, not shown) e.g. 
computer software, via ComMns 22 through mass distribution channel 23 to 
User Means 30 via ComMns 33. Thereafter, User Means 30 executes 
LicenCODE Authentication 35 to compare LicenCODE 2315 with the result 
generated by encrypting IDCODE 3008 and ProdTP 2305 in order to execute 
10 Product Installation to store or create data in User Means 30, where such 
data is necessary for subsequent use of the ordered Product. 

User usually receives the ordered Product distributed through mass 
distribution channel means earlier than settlement of payment. In order to 

15 enable certain fixed quantity of use of such Product prior to settlement of 
payment, Dealer Means 20 sends value at ProdCPd-limited to store into 
ProdCPd of ordered Product in User Means 30. Such quantity of use is 
reduced progressively towards the value of ProdCPd-ended while use of 
ordered Product is in progress. Such value at ProdCPd-ended will disable 

20 use of ordered Product on User Means 30. Thereafter should payment be 
settled, Dealer Means 20 sends value at ProdCPd-endless to store into 
ProdCPd of ordered Product in User Means 30 for unlimited quantity of use of 
ordered Product on User Means 30. As such, it makes provision to disable 
use of ordered Product should there be default payment. 

25 

The process to change User Means for the Installed Product, i.e., the ordered 
Product having completed execution of Product Installation on such User 
Means, is explained in FIGURE 2A. Step 931 initiates the request to change 
User Means 30 to User Means 38, followed by step 932 to execute 
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LicenCODE Authentication to confirm proper execution of Product Installation 
for such Product on User Means 30. Step 933 deletes LicenCODE and value 
at ProdCPd-endless stored in ProdCPd of such Product in User Means 30 
and step 934 sends IDCODE 3008 of User Means 30 including ProdTP of 
5 such Product to Dealer Means 20. Step 941 in Dealer Means 20 then 
matches IDCODE 3008 and such ProdTP with the record stored in Dealer 
Means 20. Upon confirming the matching, step 942 generates and stores 
RandomNUM followed by step 943 to send such RandomNUM to User 
Means 30. At step 935, user transfers such RandomNUM from User Means 
10 30 to User Means 38, whereby in step 945 sends such RandomNUM and 
IDCODE 3808 of User Means 38 to Dealer Means 20 to request in step 944 
to generate new LicenCODE for such Product based on IDCODE 3808 and 
such ProdTP. Thereafter, Dealer Means 20 replaces IDCODE 3008 by 
IDCODE 3808 in the record to prepare next request of changing User Means 
15 38 to other User Means, and sends such new LicenCODE to User Means 38 
to execute Product Installation of ordered Product on User Means 38 by 
matching such new LicenCODE to the result generated by encrypting 
IDCODE 3808 and ProdTP of ordered Product in order to store or create in 
User Means 38 the data necessary for the use of ordered Product on User 
20 Means 38. 

Process in FIGURE 2A has the first disadvantage in that upon User Means 30 
failing to send IDCODE 3008 to Dealer Means 20 to request RandomNUM 
e.g. due to faulty User Means, re-installation of such Product on other User 
25 Means is not feasible. The second disadvantage is the process vulnerability 
to unauthorized duplication of LicenCODE and ProdCPd-endless 
(hereinafter "derived codes") for execution of Product Application in more 
than one User Means. It is possible to duplicate such derived codes 
elsewhere, then execute process in Fig 2A, such that the deleted drived 
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codes in User Means 30 is restorable for continuous use of such Product on 
User Means 30. 



5 DESCRIPTION OF SECOND EMBODIMENT OF THE PRESENT 
INVENTION 

The second embodiment of the present invention describes the processes of 
adopting Match-pair to control use of Product distributed through mass 
1 0 distribution channel means. 



1 . Install Match-pair 

The present invention describes another embodiment to overcome the 
15 disadvantages of the first embodiment by requiring creation of individual 
UMIDmeans and UMIDcard Match-pair for individual User Means and using 
individual ProdCard for each Product. All the essential data like IDCODE, 
ProdTP, LicenCODE, ProdCPd etc. necessary for execution of LicenCODE 
Authentication, Product Application and other essential processes are stored 
20 in UMIDmeans, UMIDcard and ProdCard which are tamper-proof data 
storage devices and mostly detachable from User Means, it is practically not 
possible to duplicate said data -stored in such devices and failure of User 
Means will not affect proper execution of such devices on other User Means. 
Furthermore, there are other advantages that will be explained subsequently 
25 in FIGURE 3 to 7C. 

IDCODE 3008 of User Means 30 (similar to IDCODE 3808 of User Means 38 
or IDCODE of other User Means) mentioned in FIGURE 2A above are 
generated and stored in UMIDmeans 40 and UMIDcard 50 as shown in 
30 FIGURE 3, wherein IDCODE 3008 comprises mainly, but not limited to UMID 
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and CityCODE. Process 80 in FIGURE 3 describes the creation of a Match- 
pair of UMIDcard and UMIDmeans for individual User Means. UMIDcard is 
the portable tamper-proof data storage device which couples and works with 
UMIDmeans. UMIDmeans is a tamper-proof data storage device permanently 
5 coupled to User Means. 

Process 80 begins with verification of proper UMIDcard and UMIDmeans (not 
shown) used in execution of process 80. It is mainly to ensure no UMID is 
stored in UMIDmeans and UMIDcard. Thereafter, step 801 copies CityCODE 

10 5018 in UMIDcard 50 into UMIDmeans 40 as CityCODE 4018 for making 
both UMIDmeans 40 and UMIDcard 50 storing the same CityCODE which 
forms part of IDCODE to relate said User Means to the geographical area 
and user group specified by CityCODE 5018. Subsequently, step 802 
generates a random number UMID for said User Means, and step 803 

15 derives MatchCODE from such UMID, CardTP 5019 of UMIDcard 50, 
CityCODE 4018 and MeansTP 4020 of UMJDmeans 40 to make such 
MatchCODE uniquely related to such UMID, CardTP, CityCODE and 
MeansTP. Finally, step 804 stores such MatchCODE into UMIDmeans 40 as 
MatchCODE 4014 and UMIDcard 50 as MatchCODE 5014, and step 805 

20 stores such UMID into UMIDmeans 40 as UMID 4009 and UMIDmeans 50 as 
UMID 5009. UMIDmeans 40 and UMIDcard 50 are thereby created as a 
Match-pair for such User Means. 

In execution of some processes like installing Product onto User Means (to 
25 be explained later), it is necessary to confirm whether UMIDmeans and 
UMIDcard have the same IDCODE and uniquely linked to each other as a 
Match-pair. Such confirmation is executed in a 2-step test as shown by 
process 81 in FIGURE 3A. Step 81 1 executes the first test to confirm whether 
CityCODE 5018 and UMID 5009 in UMIDcard 50 are the same as CityCODE 
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4018 and UMID 4009 in UMIDmeans 40 respectively. Step 812 then 
executes the second test to derive code from CardTP 5019 of UMIOcard 50 
and CityCODE 4018, UMID 4009 and MeansTP 4020 in UMIDmeans 40 
followed by confirming that such code is the same as MatchCODE 4014 in 
5 UMIDmeans 40. Upon successful confirmation of the above 2 tests 
(hereinafter called "Match-pair Authentication"), UMIDcard 50 and 
UMIDmeans 40 are confirmed as a Match-pair. 

2. Installation for Limited Use of Product Received through Mass 
1 0 Distribution Channel Means Prior to Settlement of Payment 

FIGURE 4 explains the Product Installation process 82 of involving Match- 
pair to enable limited quantity of use of Product prior to settlement of 
payment. Step 821 begins process 82 by initiating step 822 to execute Match- 

15 pair Authentication, failure of step 822 evades process 82 whereas success 
of step 822 activates step 823 and step 824 to confirm that no LicenCODE of 
such Product is stored in UMIDmeans 40 and UMIDcard 50 as the way to 
ensure no prior execution of Product Installation of such Product to avoid 
duplicated installation of such Product. Process 82 is evaded if such 

20 LicenCODE is found in either UMIDmeans 40 or UMIDcard 50, otherwise 
step 825 LicenCODE Authentication is executed by matching LicenCODE 
2315 received from Dealer Means 20 (see FIGURE 2) to check code derived 
from IDCODE (not shown) stored in UMIDmeans 40 and ProdTP 2305 
supplied by Dealer Means 20 as the way to confirm LicenCODE 2315 is 

25 properly generated for the Match-pair of UMIDmeans 40 and UMIDcard 50. 
Failure in step 825 evades process 82; otherwise, step 826 stores 
LicenCODE 2315 in UMIDcard SO and stores value at ProdCPd-limited 
supplied by such Product in ProdCPd of such Product in UMIDcard 50 to 
enable limited quantity of use of such Product {to be explained in FIGURE 4 A 
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later): Finally, step 827 stores LicenCODE 2315 in UMIDmeans 40 and 
stores value at ProdCPd-ended supplied by such Product in ProdCPd of such 
Product in UMIDmeans 40 as the record of execution of such Product 
Installation process in order to disable future installation of such Product for 
5 free evaluation (to be explained in FIGURE 9 of fourth embodiment). 

Process 83 in FIGURE 4A explains the execution of controlled use of 
Installed Product on User Means. UMIDcard 50 having value stored in 
ProdCPd of such Product is coupled with UMIDmeans (not shown) of any 
1 0 User Means to execute process 83 to use such Product on such User Means. 
Upon initiation of request to use such Product (not shown), for the case that 
use of such Product is permitted only on the User Means of Installed Product, 
step 831 executes Match-pair and LicenCODE Authentication to confirm 
UMIDcard 50 and UMIDmeans (not shown) being a Match-pair and such 
15 Product being the Installed Product of said Match-pair. Subsequently, step 
832 is invoked to check whether value of ProdCPd-endless is stored in 
ProdCPd of such Product in UMIDcard 50. Upon confirmation of finding such 
ProdCPd-endless, step 833 is called to proceed with use of such Product; 
otherwise, step 834 is invoked to check whether value at ProdCPd-ended is 
20 stored in ProdCPd of such Product in UMIDcard 50. Upon confirmation of 
finding such ProdCPd-ended, step 835 is called to evade use of such 
Product. If not, the use of such Product proceeds in steps 837. While use of 
such Product is in progress, step 836 constantly modifies value of ProdCPd of 
such Product in UMIDcard 50 towards the value at ProdCPd-ended. Use of 
25 such Product is disabled upon value of ProdCPd in UMIDcard 50 reaching 
ProdCPd-ended. Thus, execution of Product Installation of such Product 
allows predetermined quantity of use of such Product specified by the value 
at ProdCPd-limited stored in ProdCPd of such Product in UMIDcard 50. 
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It is obvious to the one skilled in art that by ignoring step 831 to allow Product 
Application to be executed on any User Means, such Product is restricted 
only to the user using UMIDcard 50; otherwise, execution of step 831 will 
make use of such Product dedicated to predetermined User Means 
5 associated with such Match-pair of UMIDmeans and UMIDcard 50. 

3. Installation for Unlimited Use of Product Received through Mass 
Distribution Channel Means After Settlement of Payment 

10 As explained in FIGURE 4A, user may use Installed Product indefinitely on 
any User Means if value at ProdCPd-endless is stored in ProdCPd of such 
Product in UMIDcard, while Match-pair and LicenCODE Authentication is 
ignored. Process 84 in FIGURE 5 explains the creation of such ProdCPd- 
endless in ProdCPd of such Product in UMIDcard. After settlement of 

15 payment, ProdCard 60 of such Product is dispatched to such User Means to 
be coupled with UMIDmeans 40. Step 841 of process 84 requests step 842 to 
verify proper codes being stored in ProdCard 60 for executing process 84 
and CityCODE (not shown) stored in ProdCard 60 being the same as 
CityCODE (not shown) stored in UMIDmeans 40 to confirm such ProdCard 

20 conforming to same geographical area and user group of Match-pair. 
Thereafter, step 843 LicenCODE Authentication is executed to match 
LicenCODE stored in UMIDmeans 40 with check code derived from IDCODE 
stored in UMIDmeans 40 and ProdTP (not shown) supplied by ProdCard 60 
as the way to ensure such Product having been installed properly by process 

25 82. Failure in step 843 evades process 84; otherwise, step 844 is activated to 
store ProdUMID into ProdCard 60 for customising ProdCard 60 with such 
Match-pair of UMIDmeans 40 and UMIDcard 50. Step 845 stores into 
ProdCPd 5021 in UMIDcard 50 the value at ProdCPd-limited for 
predetermined quantity of use of such Product and stores into ProdCPd 4021 
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in UMIDmeans 40 the value at ProdCPd-limited for restoring such limited 
quantity of use of such Product (to be explained in FIGURE 7C later). Finally, 
step 846 transfers ProdCPd-endless 6024, if there is, from ProdCard 60 to 
overwrite such ProdCPd-limited in ProdCPd 5021 of such Product in 
5 UMIDcard 50 and then erases ProdCPd-endless 6024 in ProdCard 60. Value 
at ProdCPd-endless stored in ProdCPd of such Product in UMIDcard 50 will 
not be changed in conjunction with use of such Product. 

4. Change Match-pair of Installed Products 

10 

Match-pair for individual Installed Product is changeable through process 85 
in FIGURE 6. ProdCard 60 of such Product is coupled with UMIDmeans 40 to 
commence process 85 by having step 851 to request step 852 to verify 
whether ProdUMID (not shown) stored in ProdCard 60 is the same as the 

15 ProdUMID (not shown) stored in UMIDmeans 40, and step 853 LicenCODE 
Authentication further ensures such Product is the Installed Product of the 
Match-pair consisting of UMIDmeans 40 and UMIDcard 50. Thereafter, step 
854 clears ProdUMID in ProdCard 60 and step 855 transfers ProdCPD- 
endless in ProdCPd 5021 of such Product in UMIDcard 50 back to ProdCard 

20 60 as ProdCPd-endless 6024, thus ProdCard 60 is available to execute 
Product Installation of such Product on any Match-pair associated with any 
User Means. Finally step 856 erases LicenCODE 4015, LicenCODE 5015, 
ProdCPd 4021 and ProdCPd 5021 of said Product stored respectively in 
UMIDmeans 40 and UMIDcard 50 to disable use of such Product on such 

25 Match-pair of UMIDmeans 40 and UMIDcard 50. 

Product Installation of such Product on any other Match-pair consisting of 
UMIDmeans 48 and UMIDcard 58 is executed by process 86 in FIGURE 6A, 
using ProdCard 60 without involving Dealer Means 20 to re-generate 
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LicenCODE. Upon coupling ProdCard 60 with UMIOmeans 48, step 861 
initiates step 862 to verify whether ProdCard 60 is suitable to execute 
process 86 on such Match-pair by confirming that no ProdUMID is stored in 
ProdCard 60 and that the same CityCODE {not shown) of such Match-pair is 
5 stored in Prodcard 60 to ensure compatibility in geographical area and user 
group. Thereafter, LicenCODE Generation in step 863 generates 
LicenCODE (not shown) from ProdTP supplied by ProdCard 60, and 
IDCODE by UMIDmeans 48, respectively. Step 864 then stores into 
ProdCard 60 the ProdUMID supplied by UMIDmeans 48 to customise 

10 ProdCard 60 with such Match-pair of UMIDmeans 48 and UMIDcard 58, and 
step 865 stores such LicenCODE as LicenCODE 4815 and LicenCODE 
5815 and stores the value at ProdCPd-limited in ProdCPd 4821 and 
ProdCPd 5821 for predetermined quantity of use of such Product. Finally, 
step 866 transfers ProdCPd-endless 6024, if there is, from ProdCard 60 to 

15 overwrite such ProdCPd-limited in ProdCPd 5821 in UMIDcard 58, followed 
by erasing ProdCPd-endless 6024 in ProdCard 60. 

5. Replacing Faulty or Missing UMIDmeans or UMIDcard of a Match-pair 

20 Data relevant or dedicated to User Means and essential for executing 
Product Installation and Product Application are stored in both UMIDmeans 
and UMIDcard of each match-pair. It is necessary to duplicate such data in 
new device for creating replacement of faulty or lost device. The present 
invention refers such device to as UMIDmeans and UMIDcard and such new 

25 device to as such device yet to be used to form a Match-pair. Meanwhile 
provision must also be in place to make the abandoned device (i.e. the faulty 
or lost UMIDmeans or UMIDcard) irrelevant to the new Match-pair which 
consists of an existing device and a new device. 
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The present invention requires replacement of one device at a time. The 
abandoned device is made irrelevant to the new Match-pair through the 
process of generating new UMID for the new Match-pair. The present 
invention requires to use ProdCard of Installed Product to generate new 
5 LicenCODE of such Product in such new Match-pair for such new UMID, and 
further requires to customise ProdCard with the new Match-pair by storing 
new ProdUMID derived from such new UMID in such ProdCard to prevent 
execution of Product Installation on other Match-pair. Finally, it is necessary 
to create records of all Installed Product in new Match-pair to prevent 
10 duplicated execution of Product Installation of such Product on new Match- 
pair for free use (to be explained in FIGURE 9 later). 



FIGURE 7 shows process 87 in details to create new Match-pair consisting of 
new UMIDmeans 44 and existing UMIDcard 50. After replacing existing 
15 UMIDmeans 40 by new UMIDmeans 44 and coupling existing UMIDcard 50 
with UMIDmeans 44, step 871 copies CityCODE 5018 in UMIDcard 50 into 
UMIDmeans 44 as CityCODE 4418 to make both UMIDmeans 44 and 
UMIDcard 50 applicable to same geographical area and user group specified 
by CityCODE 5018. Next, step 872 generates new UMID followed by step 
20 873 to derive new MatchCODE from such new UMID, together with CardTP 
5019 in UMIDcard 50 and CityCODE 4418 and MeansTP 4420 in 
UMIDmeans 44 respectively. Thereafter, step 874 stores such new 
MatchCODE in UMIDmeans 44 as MatchCODE 4414 and replaces existing 
MatchCODE in UMIDcard 50 as MatchCODE 5014. Subsequently, step 875 
25 erases LicenCODE 5015 of all Installed Products, and step 876 retains 
ProdCPd-endless 5024 of all Installed Products in UMIDcard 50 followed by 
creating ProdCPd-ended in ProdCPD 5021 for all Installed Products and 
coping such ProdCPd-ended from ProdCPd 5021 to UMIDmeans 44 as 
ProdCPd 4421. Finally, step 877 copies existing Old UMID 5010 in UMIDcard 
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50 to UMIDmeans 44 as Old UMID 4410 (the purpose of retaining existing 
Old UMID will be explained in FIGURE 7B), and step 878 stores such new 
UMID in UMIDcard 50 as New UMID 501 1 and in UMIDmeans M a s New 
UMID 441 1 . At this stage, execution of process 87 to create new Match-pair 
5 consisting of new UMIDmeans 44 and existing UMIDcard 50 is completed 
and UMID of such new Match-pair is such new UMID. 



FIGURE 7A shows a process 88 in details to create new Match-pair 
consisting of existing UMIDmeans 40 and new UMIDcard 55. After coupling 

10 new UMIDcard 55 with existing UMIDmeans 40, step 881 ensures CityCODE 
5518 in UMIDcard 55 is the same as CityCODE 4018 in UMIDmeans 40. 
Next, step 882 generates new UMID followed by step 883 to derive new 
MatchCODE from such new UMID together with CardTP 5519 in UMIDcard 
55, and CityCODE 4018 and MeansTP 4020 in UMIDmeans 40. Next, step 

15 884 stores such new MatchCODE in MatchCODE 5514 and replaces existing 
MatchCODE in MatchCODE 4014 by such new MatchCODE. Subsequently, 
step 885 erases LicenCODE 4015 of all Installed Products, while step 886 
creates values at ProdCPd-ended in ProdCPD 4021 for all Installed Products 
and copies such ProdCPd-ended from ProdCPd 4021 to ProdCPd 5521 in 

20 UMIDcard 55. Finally, step 887 copies existing Old UMID 4010 in 
UMIDmeans 40 to UMIDcard 55 as Old UMID 5510, and step 868 stores such 
new UMID in UMIDmeans 40 as New UMID 401 1 and in UMIDcard 55 as 
New UMID 5511. At this stage, execution of process 88 to create new Match- 
pair consisting of new UMIDcard 55 and existing UMIDmeans 40 is 

25 completed and UMID of such new Match-pair is such new UMID. It is clear to 
the one skilled in the art that only the abandoned UMIDcard 50 (not shown) 
stores ProdCPd at values of ProdCPd-endless for all Installed Products. It 
also follows that ProdCPd-endless is not retained in process 88 and prevents 
new UMIDcard 55 to store any ProdCPd-endless for the Installed Product. As 



«nnr.iD: <wo 



9903031A1 I > 



WO 99/03031 



PCT/SG98/00053 



34 

such, it prevents creation of ProdCPd-endless for Installed Product in multiple 
UMIDcards. 

Process 89 in FIGURE 7B explains the details of a process to re-enable 
5 Product Application of Installed Products after replacing UMIDmeans 40 by 
new UMIDmeans 44. Execution of process 89 is required for each Installed 
Product by using respective ProdCard to create new LicenCODE of such 
Product from new UMID, thereafter customising such ProdCard with new 
Match-pair. When one couples ProdCard 60 of individual Installed Product 

10 and existing UMIDcard 50 with new UMIDmeans 44 concurrently or 
separately, step 891 initiates step 892 to verify that ProdCard 60 is dedicated 
to old UMID by testing the existence of old ProdUMID in ProdCard 60. If the 
testing fails, process 89 is evaded; otherwise, step 893 derives LicenCODE 
for such Product from new ProdUMID and other subset of IDCODE stored in 

15 UMIDmeans 44. Subsequently, step 894 replaces old ProdUMID (not shown) 
in ProdCard 60 by new ProdUMID to customise ProdCard 60 with new 
Match-pair, and step 895 stores such LicenCODE of such Product In 
LicenCODE 5015 and LicenCODE 4415 followed by replacing existing value 
of ProdCPd 5021 and ProdCPd 4421 of such Product by ProdCPd-limited. 
20 Finally, step 896 transfers the retained ProdCPd-endless 5024 of such 
Product to replace existing ProdCPd-limited which is created by step 895 in 
ProdCPd 5021. 

Process 89 is also applicable to replacement of UMIDcard 50 by new 
25 UMIDcard 55 except that step 896 is not required due to non existence of 
ProdCPd-endless in ProdCPd in new UMIDcard 55. 

As explained in FIGURE 4A, UMIDcard having value at ProdCPd-endless 
stored in ProdCPd of Installed Product allows unlimited quantity of use of 
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such Product on the Match-pair of such Product or on any Match-pair if use of 
such Product does not require a Match-pair. Value at ProdCPd-limited stored 
in ProdCPd of such Product only allows predetermined quantity of use of 
such Product as specified by such ProdCPd-limited. It is because such 
5 ProdCPd-limited will be modified towards ProdCPd-ended while use of such 
Product is in progress. Such ProdCPd storing no value at ProdCPd-endless 
is caused by replacement of UMIDcard as explained in 7A and 7B above. 



As explained in FIGURE 7 and 7A, UMID of a Match-pair is changed after 
10 replacement of UMIDmeans or UMIDcard. Such change in UMID firstly 
disables use of Installed Products on any User Means if one uses the 
abandoned UMIDcard to execute Product Application requiring a Match-pair. 
Secondly, such change in UMID also limits use of Installed Products on any 
User Means to the quantity of use of such Product specified by ProdCPd- 
15 limited of such Product in the abandoned UMIDcard, if one uses such 
abandoned UMIDcard to execute Product Application not requiring a Match- 
pair. After value of ProdCPd having reached ProdCPd-ended, such 
abandoned UMIDcard for such Product is useless because restoration of 
such ProdCPd-limited in such abandoned UMIDcard can only be executed 
20 by the Match-pair on which Product Installation of such Product is executed. 

The present invention allows restoration of ProdCPd-limited in ProdCPd of 
Installed Product in UMIDcard of a Match-pair for achieving practically 
unlimited quantity of use of such Product on any User Means, if one uses 
25 such UMIDcard to execute Product Application not requiring a Match-pair. 
Process 90 in FIGURE 7C explains such restoration process in details. By 
coupling UMIDcard 55 with UMIDmeans 40, step 901 initiates step 902 to test 
whether UMIDmeans 40 and UMIDcard 55 are the Match-pair. Failure to step 
902 calls step 903 to evade process 90; otherwise, success of <step 902 
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causes steps 904 and 905 to test whether value of ProdCPd 4021 of each 
Installed Product is greater than the value of ProdCPD 5521 of such Product. 
This is followed by activating the optional step 906 to execute LicenCODE 
Authentication of such Product, prior to activating step 907 to replace value of 
5 ProdCPd 5521 of such Product by the value at ProdCPd-limited (not shown) 
stored in ProdCPd 4021 of such Product, if value of ProdCPd 4021 is greater 
than the value of ProdCPd 5521. Step 908 will complete process 90 for all 
Installed Products in UMIDcard 55 after executing step 904 to 907 for each of 
such Installed Products. 
10 -v. : -&'%?'^> - ~ . 

DESCRIPTION OF THIRD EMBODIMENT OF THE PRESENT INVENTION 

The third embodiment of the present invention requires no involvement of 
15 Dealer Means, but requires a Match-pair of UMIDmeans and UMIDcard. 
Referring to FIGURE 6A again, the present invention requires individual 
ProdCard 60 for each Product being distributed toge1^^^^;§w^ Product 
e.g. packaged box software, to users in mass market. Produ^^staTlation of 
such Product on any User Means associated with a Match-^j^ris^handled by 
20 process 86 as explained in FIGURE 6A above. Z^Sfz: 

Execution of controlled use of such Installed Product on^ User Means is 
handled by process 83 as explained in FIGURE 4A above. 

25 Process 85 in FIGURE 6 as explained above prepares ProdCard 60 for 
allowing such Installed Product to change User Means^assocrated with 
another Match-pair. 
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Process 89 to re-enable Product Application of such Installed Product is 
already explained in FIGURE 7B above. Execution of process 89 is 
necessary due to change of UMID caused by replacing UMIDmeans 40 by 
new UMIDmeans 44 or replacing UMIDcard 50 by new UMIDcard 55, 

5 

If a Product has no value of ProdCPd-endless for ProdCPd stored in 
UMIDcard to allow unlimited quantity of use of such Product on any User 
Means, as explained in FIGURE 7C above, process 90 is invoked to restore 
value of ProdCPd-limited into such ProdCPd for achieving practically 
1 0 unlimited quantity of use of such Product on any User Means. One reason of 
causing such ProdCPd without value of ProdCPd-endless is replacement of 
UMIDcard. 

15 DESCRIPTION OF FOURTH EMBODIMENT OF THE PRESENT 
INVENTION 

The fourth embodiment of the present invention describes the processes of 
controlling limited quantity of use of Products sold for occasional use like pay 
20 per use, contracted period of use etc. Such Products are mainly distributed 
through mass distribution channel means or dispatched in Medium. For this 
embodiment, verification of User Identity for executing electronic commerce is 
already described in Figure 1, 1A and 1B. 

25 Referring to FIGURE 8, data manipulation and data communication between 
Dealer Means 20 and User Means 30 is similar to FIGURE 2, except that 
FIGURE 8 requires UMIDcard 50 to generate and store at least one random 
number RandomNUM 5013. This random number is required by Dealer 
Means 20 to generate unique and different LicenCODE for each occasional 

30 use request of same Product by the same User Means. UMIDmeans 40 and 
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UMIDcard 50 are not necessary a Match-pair for selling use of such Product 
on any User Means. UMIDcard 50 sends RandomNUM 5013 together with 
IDCODE 5008 through UMIDmeans 40 via communication means ComMns 
33 through mass distribution channel (not shown) to Dealer Means 20 as 
5 RandomNUM 3213 and IDCODE 3208 respectively. A LicenCODE 
Generation 26 in Dealer Means 20 then derives LicenCODE of Product from 
IDCODE 3208, RandomNUM 3213 and ProdTP 2005 of such Product stored 
in Dealer Means 20 respectively. Finally, Dealer Means 20 sends such 
LicenCODE as LicenCODE 2315 via communication means ComMns 22 
10 through mass distribution channel 23 and via ComMns 33 to User Means 30. 
It should be obvious to the one skilled in the art that such random number can 
also be generated by Dealer Means 20 instead of by UMIDcard 50 for 
achieving the same purpose of deriving unique and different LicenCODE for 
each occasional use request. 

15 

Subsequently, a process 91 in FIGURE 8A executes Product Installation of 
such Product when one couples UMIDcard 50 with UMIDmeans 40 to 
activate step 911 to initiate step 912 to match LicenCODE 2315 with check 
code derived from ProdTP supplied by such Product (not shown), IDCODE 

20 5008 and RandomNUM 5013 stored in UMIDcard 50 for confirming such 
Product being dedicated to UMIDcard 50. If not, step 912 evades process 91; 
otherwise, step 912 proceeds to step 913 to erase RandomNUM 5013 as the 
way to disable subsequent execution of Product Installation of such Product. 
Next, step 914 stores the value at ProdCPd-limited supplied by such Product 

25 or Dealer Means 20 into ProdCPd 5021 of such Product to enable 
subsequent execution of Product Application of such Product through 
UMIDcard 50, whereby such ProdCPd-limited restricts use of such Product by 
predetermined quantity of use. Finally, the optional step 915 creates value at 
ProdCPd-ended in ProdCPd 4021 of such Product in UMIDmeans 40 to 
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disable execution of Product Application of such Product for free evaluation 
which will be explained in FIGURE 9 later. 

5 DESCRIPTION OF FIFTH EMBODIMENT OF THE PRESENT INVENTION 

Commercial practice of allowing free predetermined quantity of use of 
Product for evaluation is common. The fifth embodiment of the present 
invention explains process 92 in FIGURE 9 for said purpose, where step 921 

10 initiates step 922 to confirm whether UMIDmeans 40 and UMIDcard 50 are 
unique Match-pair. If not, step 922 evades process 92; otherwise, steps 923 
and 924 ensure no prior free use of such Product on such Match-pair by 
confirming non existence of ProdCPd 5021 of such Product in UMIDcard 50 
and ProdCPd 4021 of such Product in UMIDmeans 40. Finally, step 925 

15 stores value at ProdCPd-limited supplied by such Product or Dealer Means 
20 in ProdCPd 5021 of such Product, and step 926 creates record of free use 
in UMIDmeans 40 by storing value at ProdCPd-ended in ProdCPd 4021 of 
such Product. 

20 



DESCRIPTION OF SIXTH EMBODIMENT OF THE PRESENT INVENTION 

25 The sixth embodiment of the present invention describes the method of 
controlling use of Product stored in Medium and distributed to user at the 
point of sales e.g. audio and video Products distributed in cassette or optical 
disk. Referring to FIGURE 10, user supplies UMIDcard 50 to Dealer Means 
20 where a LicenCODE Generation 26 derives LicenCODE of Product 71 
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from IDCODE 5008 of User Means 30 and ProdTP 2005 of such Product 
according to encryption modality EncryCODE 2025 of such Product. The 
IDCODE 5008 is stored in UMIDcard 50 and ProdTP 2005 is stored in Dealer 
Means 20. Thereafter, such LicenCODE is stored in UMIDcard 50 as 
5 LicenCODE 5015. 



User couples Product 71 and UMIDcard 50 with User means 30 to initiate use 
of Product 71 on User Means 30. A LicenCODE Authentication 35 compares 
LicenCODE 5015 stored in UMIDcard 50 with the check code derived from 

10 IDCODE 3008 stored in User Means 30 and ProdTP 7105 supplied by 
Product 71 according to decryption modality DecryCODE 7126 stored in 
Product 71. Proper match of LicenCODE 5015 with such check code enables 
one to use Product 71 on User Means 30. It is understood by the one skilled 
in the art that using IDCODE 5008 stored in UMIDcard 50 for generating said 

1 5 check code allows one to use such Product on any User Means. 



DESCRIPTION OF SEVENTH EMBODIMENT OF THE PRESENT 
INVENTION 

20 

The seventh embodiment of the present invention describes a method of 
controlling receipt of Product disseminated as broadcasted signal via mass 
distribution channel means. User supplies UMIDcard 50 to Dealer Means 20. 
where a LicenCODE Generation 26 derives LicenCODE from IDCODE 5008 
25 stored in UMIDcard 50 and ProdTP 2005 stored in Dealer Means 20. Such 
LicenCODE is stored in UMIDcard 50 as LicenCODE 5015. Optionally, a 
CHANGE DecryCODE 27 replaces decryption modality DecryCODE 5026 
stored in UMIDcard 50. 
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User couples UMIDcard 50 with User Means 30 to initiate receipt of such 
Product by User Means 30. A LicenCODE Authentication 35 compares 
LicenCODE 5015. stored in UMIDcard 50 with the check code derived from 
IDCODE 3008 stored in User Means 30 and ProdTP 1305 of Product 
5 received from mass distribution channel means according to the decryption 
modality DecryCODE 5026 stored in UMIDcard 50. A proper match of 
LicenCODE 5015 with such check code activates RECEIVER CONTROL 37 
to receive such Product. It is understood by the one skilled in the art that 
using IDCODE 5008 stored in UMIDcard 50 for generating said check code 
1 0 allows one to use any User Means to receive such Product. 



DESCRIPTION OF EIGHTH EMBODIMENT OF THE PRESENT 
INVENTION 

15 

The eighth embodiment of the present invention describes a method of 
controlling access to data stored in a Central Means. Referring to FIGURE 
12, user couples UserCard 70 with UMIDmeans 40 to request access right, 
such request (not shown) is sent to a Central Means 10 via ComMns 33 

20 through transmission channel 31 and via ComMns 11 to Central Means 10. 
Upon receipt of such request, a RandomNUM Generator 14 of the Central 
Means 10 generates an unique RandomNUM 1313 for such request and 
sends RandomNUM 1313 via ComMns 11 through transmission channel 13 
and via ComMns 33 to User Means 30. Thereafter, a TransactCODE 

25 Generator 34 of User Means 30 derives unique TransactCODE 3104 from 
RandomNUM 1313, UserlD 7001 and SubCODE 7003 retrieved from the 
UserCard 70 and sends TransactCODE 3104 via ComMns 33 through 
transmission channel 31 and via ComMns 11 to Central Means 10. Upon 
receipt of TransactCODE 3104, TransactCODE Authentication 15 of Central 
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Means 10 authenticates TransactCODE 3104 to verify the user's identify 
before granting user the access right. 

FIGURE 12A explains the process of TransactCODE Generator 34 in details. 
5 RandomNUM 1313 received from Central Means 10 is firstly verified by CHK 
VALIDITY 701 according to predetermined rules. A CODE ENCRYPT 702 
then generates TransactCODE 3104 by using verified RandomNUM 1313 to 
encrypt UserlD 7001 and SubCODE 7003. 

FIGURE 12B explains the process of TransactCODE Authentication 15 in 
details. Upon receipt of TransactCODE 3104 from User Means 30, a CODE 
DECRYPT 151 of Central Means 10 uses the stored RandomNUM 1313 to 
decrypt TransactCODE 3104 into user identity codes and passes such user 
identity codes to a COMPARE CODE 152 to compare with the stored UserlD 
1001 and SubCODE 1003. Step 153 acts upon the result of such comparison 
to activate path 1 54 on the result of proper match by granting such user the 
access right or to activate path 155 on the result of mismatch by rejecting 
access request of such user. 

20 While the present invention has been described particularly with reference to 
FIGURE 1 to 12B with emphasis on a method and system for protecting 
intellectual property products distributed in mass market, it should be 
understood that the figures are for illustration only and should not be taken as 
a limitation on the invention. In addition, it is clear that the method and system 

25 of the present invention have utility in many applications where secure 
electronic transmission and verification of information are required. It is 
contemplated that many changes and modifications may be made by one of 
ordinary skill in the art without departing from the spirit and the scope of the 
invention as described. 



10 



15 
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CLAIMS 

11. A method for maximising the security of distributing intellectual 

2 property products over a channel, said channel hiaving at least one Dealer 

3 Means communicating with at least one User Means, said method comprising 

4 the steps of: 

5 .; . 

6 assigning identification codes ProdTP for each said products and 

7 IDCODE for each said User Means respectively; 

8 " 

9 requiring said Dealer Means to generate a LicenCODE from a first 
10 combination of at least said ProdTP and said IDCODE, said User 
H Means further generating a Checkcode from a second combination of 
12 at least said ProdTP and said IDCODE; and 

13 

14 controlling the use of said products on any said User Means by 

15 executing a third combination of processes- tor-authenticating said 

16 LicenCODE with said Checkcode, ^ .*^T 

iy -, < %:; ^ f »v ^i. * 

18 whereby embedding at least said ProdTPlfPa tamper-proof data 

19 storage device to be used with any User Means minimises the 

20 unauthorised use of said products over said channel. 
21 

1 2. The method for maximising the security of distributing intellectual 

2 property products as in claim 1 wherein said LicenCODE is. the same as the 

3 said Checkcode, said LicenCODE being generated by said Dealer Means. 
4 
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1 3. The method for maximising the security of distributing intellectual 

2 property products as in claim 1 wherein said LicenCODE is generated by 

3 said Dealer Means and said Checkcode is generated by said User Means, 

4 said Checkcode further incorporating at least a portion of said LicenCODE. 
5 

1 4. The method for maximising the security of distributing intellectual 

2 property products as in claim 1 wherein said first combination is the same as 

3 the second combination. 
4 

1 5. The method for maximising the security of distributing intellectual 

2 property products as in claim 1 wherein the use of said products on any said 

3 User Means comprises the installation of said products on any said User 

4 Means. 
5 

1 6. The method for maximising the security of distributing intellectual 

2 property products as in claim 1 wherein the use of said products on any said 

3 User Means comprises the application of said products on any said User 

4 Means. 
5 

1 7. The method for maximising the security of distributing intellectual 

2 property products as in claim 1 wherein the use of said products on any said 

3 User Means comprises the activation of the use of said products on any said 

4 User Means. 
5 

1 8. The method for maximising the security of distributing intellectual 

2 property products as in claim 1 wherein said products further comprises at 

3 least one product usage counter ProdCPd, the value of ProdCPd permitting 
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4 the controlled use of said products and said Dealer Means allowing the 

5 regeneration of said LicenCODE in altering the identity of User Means. 

6 v "~ *~ - ' • - 

1 9. The method for maximising the security of distributing intellectual 

2 property products as in claim 1 wherein said channel comprises a network. 
3 

1 10. A method for maximising the security of distributing intellectual 

2 property products as in claim 1 wherein said tamper-proof data storage 

3 device comprises a smart card. 
4 

1 11. A method for maximising the security of distributing intellectual 

2 property products as in claim 1 wherein the execution of the authentication of 

3 said LicenCODE and Checkcode comprises the step of encoding and 

4 decoding with a random number RandomNUM. 

5 

1 12. A method for maximising the security of distributing intellectual 

2 property products as in claim 1 wherein the authentication of said 

3 LicenCODE and Checkcode comprises the step of encoding and decoding 

4 with a predetermined code. 
5 

1 13. A method for maximising the security of distributing intellectual 

2 property products as in claim 1 wherein the execution of said third 

3 combination of processes comprises the processes of authenticating said 

4 LicenCODE with said Checkcode and confirming that said product usage 

5 counter ProdCPd has the proper value. 
6 

1 14. A method for maximising the security of distributing intellectual 

2 property products over a channel, said channel having at least one Dealer 
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3 Means communicating with at least one User Means, said method comprising 

4 the steps of: 
5 

6 assigning identification codes ProdTP for each said products, and 

7 UMID for a matched pair of UMIDmeans and UMIDcard, said matched 

8 pair being associated uniquely with each said User Means and for 
g providing backup for said matched pair; 

10 

11 requiring said Dealer Means to generate a LicenCODE from a 

1 2 combination of at least said ProdTP and said UMID respectively; 

13 

14 generating by each said User Means a Checkcode from a combination 

1 5 of said ProdTP and UMID respectively; and 
16 

17 controlling the use of said products on any said User Means by 

1 8 requiring the authentication of said LicenCODE with said Checkcode, 

19 

20 whereby embedding at least said ProdTP, LicenCODE or UMID in said 

21 matched pair to be used with predetermined User Means minimises 

22 the unauthorised use of said products over said channel. 



23 
1 15 



The method for maximising the security of distributing intellectual 

2 property products as in claim 14 wherein the use of said products on any said 

3 User Means comprises the installation of said products on any said User 

4 Means. 
5 

1 16. The method for maximising the security of distributing intellectual 

2 property products as in claim 14 wherein the use of said products on any said 
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3 User Means comprises the application of said products on any said User 

4 Means. 
5 

1 17. The method for maximising the security of distributing intellectual 

2 property products as in claim 14 wherein the use of said products on any said 

3 User Means comprises the activation of the use of said products on any said 

4 User Means. 
5 

1 18. The method for maximising the security of distributing intellectual 

2 property products as in claim 14 wherein said UMID is changeable without 

3 requiring said Dealer Means to regenerate a LicenCODE, said changed 

4 UMID being associated uniquely with a different matched pair for allowing the 

5 regeneration of said LicenCODE and Checkcode in altering the identity of 

6 said User Means. 
7 

1 19. The method for maximising the security of distributing intellectual 

2 property products as in claim 14 wherein UMID is changeable to disable 

3 abandoned matched pair or abandoned UMID Means or UMIDcard to 

4 prevent unauthorised duplication thereof. 
5 

1 20. The method for maximizing the security of distributing intellectual 

2 property products as in claim 14 wherein said channel comprises a wireless 

3 boardcasting network for audio and video signals. 
4 

1 21. A method for maximizing the security of distributing intellectual 

2 property products as in claim 14 wherein said UMIDcard is a tamper-proof 

3 data storage device. 
4 
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1 22. A method for maximizing the security of distributing intellectual 

2 property products as in claim 14 wherein said UMIDmeans is a tamper-proof 

3 data storage device. 
4 

1 23. A method for maximizing the security of distributing intellectual 

2 property products as in claim 14 wherein the authentication of said 

3 LicenCODE and Checkcode comprises the step of encoding and decoding 

4 with a random number RandomNUM. 
5 

1 24. A method for maximizing the security of distributing intellectual 

2 property products as in claim 14 wherein the authentication of said 

3 LicenCODE and Checkcode comprises the step of encoding and decoding 

4 with a predetermined code. 
5 

6 25. A method for maximising the security of distributing intellectual 

7 property products in a mass market having at least one User Means and at 

8 least one product card ProdCard associated with each said products, said 

9 method comprising the steps of: 
10 

11 assigning identification codes ProdTP for each said products and 

12 UMID for a matched pair of UMIDmeans and UMIDcard, said matched 

13 pair being associated uniquely with each said User Means and for 

1 4 providing backup for said matched pair; 
15 

16 generating by said matched pair a LicenCODE from a combination of 

17 ProdTP and UMID respectively, said ProdTP original only from said 

18 ProdCard; 
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20 generating by said User Means a Checkcode from a combination of 

21 said ProdTP and UMID; and 
22 

23 controlling the use of said products on any User Means by requiring 

24 the authentication of said LicenCODE and said Checkcode, 
25 

26 whereby embedding UMID, ProdTP or LicenCODE in said matched 

27 pair and in said ProdCard respectively minimises unauthorised use of 

28 said products distributed in a mass market. 
29 

30 26. A method for maximising the security of distributing intellectual 

31 property products in a mass market as in claim 25 wherein said UMID is 

32 embedded in said ProdCard for associating said ProdCard with said matched 

33 pair. 
34 
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